Cybercriminals Exploit Amazon SNS Service to Conduct Phishing Attacks
A group of cybercriminals is using mass phishing SMS newsletters to target personal data of users. These hackers utilize a malicious script called SNS Sender, which leverages the Simple Notification Service (SNS) provided by Amazon, to carry out their nefarious activities.
The attackers send SMS messages containing harmful links with the intention of stealing personal information and payment card data from their victims. They often disguise themselves as notifications from the US Postal Service (USPS) regarding insured parcels.
Researchers from Sentinelone have connected this cybercriminal activity with a hacker known as “Arduino_das”. The SNS Sender tool, which exploits Amazon’s SNS infrastructure for spam campaigns, has been identified as the first of its kind observed “in the wild”.
Upon analyzing a completed phishing kit intended for launching spam attacks, experts discovered that the SMS Sender required a list of phishing links stored in a file named “Links.TXT” within the program directory. The program also relied on a list of AWS access keys, phone numbers, sender IDs, and message texts.
Sentinelone reports that the hacker, Arduino_Das, is associated with over 150 phishing kits, each of which is sold on specialized darknet websites. The majority of these kits focus on USPS-themed phishing, directing victims to fake tracking pages where their personal data and credit card information is stolen.
Furthermore, researchers have noticed an increasing trend of hackers abusing legitimate platforms for spreading malicious software. Discord, in particular, has been frequently exploited by hackers in recent years, highlighting the importance of caution when handling suspicious messages and links.
The investigation also uncovered that some phishing kits may contain hidden backdoors that send collected data to the developers. This grants distributors of these kits access to a continuous stream of customer data, which can be further monetized.
The findings from Sentinelone’s study confirm the growing use of cloud resources for conducting SMS phishing campaigns. This emphasizes the need for both users and cybersecurity professionals to remain vigilant and exercise caution.
To avoid falling victim to scammers, it is crucial to be alert and skeptical of suspicious SMS messages, especially those containing links. Even if a message appears to be legitimate and originates from a trusted service, it is not always the case.
If any suspicion arises, it